Healthcare Cybersecurity Weekly Briefing 7-7-2017

While security and privacy concerns have been created by modern technology, it has done really well when it comes to patient cares. Security challenges are come in two levels. The first one is the current security risks. Although business protection is a key goal that businesses have worked to maintain, it’s still a challenge that many businesses struggles with. Most businesses unknowingly are prone to common vulnerabilities by leaving their data open.

A recent Gartner report indicated that by 2020, at least one major safety incident will be caused by an IT security failure, leading to significant injury. A temporary loss of power from a failed power grid is inconvenient, a loss of control by an automated medical device administering a drug could be dangerous. It is easy to imagine a scenario that an IT failure could have a physical safety outcome. The increasing complexities of connections means things and infrastructure with different levels of security are now interacting. It will be difficult to predict the risk that will arise.

The good news is that studies have shown that cyberattacks have little effect on long-term corporate value. The share prices typically recover within 12 months. The reason that Yahoo had to write down $500 million is simply that the timing of the cyberattack coincided with the acquisition. Timing can be costly, partly because there are few financial recourses for a breach.

Since traditional security means loading software on the medical devices, the question becomes whether or not that action will require FDA approval, said Jennifer Geisler, vice president of marketing at ForeScout, a cybersecurity firm that specializes in the Internet of Things and other connected devices. If so, then vendors must be willing to assume the same liability that a medical device takes on, she added. And if the security software causes a malfunction and a system fails, the matter of liability arises, Geisler said, adding that infosec pros need to be asking a lot of questions.

Want more cybersecurity information?

We may also occasionally send you information about Critical Informatics products and solutions; you can unsubscribe at anytime if desired.Leave this field empty if you're human:

About Critical Informatics

We are world-class information security professionals providing Managed Detection and Response services to help you be secure, compliant, and resilient against threats to the life safety, life-sustaining, and quality-of-life systems and services you provide to clients, customers, constituents, and communities.